Krebs on Security

In-depth security news and investigation

Tech Support Phone Scams Surge

The bogus tech support boiler rooms must be working overtime lately. I’ve recently been inundated with horror stories from readers who reported being harassed by unsolicited phone calls from people with Indian accents posing as Microsoft employees and pushing dodgy PC security services.

These telemarketing scams are nothing new, of course, but they seem to come and go in waves, and right now it’s definitely high tide. One reader’s story in particular really creeped me out. “Ron” wrote in to say his friend’s young daughter was the latest target.

“A friend called me to tell me that someone called his house, and using some ruse, convinced his 11 year-old daughter to ‘type in some numbers’ into the Run window,” Ron wrote. “When he got home, he turned the computer off, and we assume that it’s compromised and will need to be reformatted.”

Ron said that not long after that incident, he received a similar call. The woman on the phone told him that she was “the authorized security monitoring service for Microsoft Windows,” and that they had detected that his computer was infected with malware, which naturally he needed to have removed.

“The phone number was a Georgia area code, but I’m pretty sure she was from somewhere in India or Pakistan, based on the delay, her accent and use of English — she said her name was Nancy,” Ron said. “She was also calling me at 7:30 am.”

IF AT FIRST YOU DON’T SUCCEED…

Wednesday evening, I heard from “J.C.,” an information security officer from a community bank in Maine. J.C. said he’d just been contacted by two customers who called after being snookered by these scams.

“The scammers said they were from Microsoft and had been shadowing the customers’ computer, and saw they had a virus on their PCs, and would they please open a command prompt and download something,” said J.C., who spoke on the condition that I not print his full name or that of his employer.

J.C. said both customers had been bamboozled by a company in India called NIAS E Business Solutions, to the tune of $199. J.C. said the bank blocked the transactions and canceled the customers’ debit cards. But that didn’t stop NIAS from trying to put through the charges two more times: the first time for a lesser amount of $99, and when that failed, NIAS tried to put through a $120 charge via Western Union!

J.C. and the Maine bank are still trying to figure out another curious aspect of this scam: J.C. said that prior to attempting the charges, NIAS signed up the customer for MasterCard’s SecureCode, a security service offered by MasterCard intended to provide added protection against card fraud for customers shopping online.

“The customer had never registered with SecureCode, and the bizarre thing was that the person who made the call from this NIAS company registered it with SecureCode, almost as if to try to make the transaction seem more legitimate,” J.C. said.

TARGETING THE ELDERLY?

J.C. said it appears as though these call services are targeting the elderly and people who may have computers but little expertise about how to secure them. KrebsOnSecurity reader and security professional Sam Sharp is fairly convinced of that as well: He wrote in this week to tell me about a similar scam that targeted his mom. Sharp wrote:

[Image caption: A remote admin tool used by the scammers who targeted Sharp’s mom.]

“My mom is 86 and lives in Florida with so many other seniors. She is a nice old lady. Last year I upgraded her PC to Windows 7 and removed admin access for her account. I manage her PC from Minnesota using Logmein. Keeping it patched and helping her create her monthly invoices in Word. She works a few hours several days a week driving other seniors to appointments and visiting them to make sure they are eating and taking their medications. On Tuesday Mom received an unsolicited phone call from someone who actually got her to go to her computer, visit a website and download a program to her PC. I am not sure what the scam was about but the software appears to be a remote access program called AAMMY.”

The tech support people said they needed the admin password to install their diagnostic and cleanup tools, so Sharp’s mom called and left a message with him, asking for the password so she could relay it to the people who had called her (the number that called her was 888-458-9001).

“I recorded the voice message that my mom left because it is amazing to hear how convinced she was that this was legitimate,” Sharp said. “I had to be very delicate in explaining to her that this was a scam, and it actually took some effort to get her to realize that people do this kind of [stuff].”

For its part, Microsoft recently published a notice to its Safety & Security Center page warning customers about these fraudulent tech support scams from call centers claiming to represent Microsoft. The company stressed that neither Microsoft nor its partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. Ironically, Microsoft itself offers a fair amount of free tech and security support, by phone, email and online chat — but the customer has to initiate the process.

It is very easy (and has been for decades) to purchase lists segregated by demographics. They may even “steal” the same lists…
Ever fill out a warranty registration card? A “survey” to win something? Lots of sources of info.
I kept one of these scammers busy for 20 minutes by playing dumb, before I had to go do other things. They had called my 80+ year old parents, and knew their names and address – call was not random, they had a list of some sort.
Targeting could be as simple as hitting regions that have a generally older demographic right out of a phone book, but targeted lists are easy to get.